When Disclosure is better than Disaster

Anxious to avoid upsetting air travelers, NASA is withholding results from an unprecedented national survey of pilots that found safety problems like near collisions and runway interference occur far more frequently than the government previously recognized.

What does this have to do with Open Source software?

Early on in my software development career I learned a shocking truth about the software industry: most software sucks. By now that revelation is no surprise—we becomed so accepting of bad software that we are surprised when software does not suck. The cost of all this bad software clocks in at $386B USD per year by my estimates, and if my fellow board member Matt Asay's numbers are to be believed, perhaps $1T USD is literally wasted each year.

One possible explanation as to why so much bad software is tolerated by so many for so long is that companies tend to keep their failures private. When a jet aircraft crashes and people die, it's pretty difficult to hide that fact: news is reported, disclosures are made, investigations run their course, and reports are finally filed. But when applications crash, who files the reports? Who is privileged to read them? Not the general public. And this lack of transparency leads to complacency that results in all sorts of continuing problems.

If the airlines aren't safe I want to know about it. I would rather not feel a false sense of security because they don't tell us.—Rep. Brad Miller (D-NC) quoted in CNN Report

What is our false sense of software security costing us? How can we find out if the software we're using is using us? One of the reasons I think open source is so important is beause transparency is one of the great remedies of bad software. It shines enough light on the subject that one can run, screaming, from the truly bad software. And one can step in and fix only slightly bad software. Perhaps this explains why Coverity has found that compared with the average defect density in proprietary software, 32 widely used open source projects have 1/50th to 1/150th the defect rate.

The whole reason that NASA spent $8.5M to interview 24,000 commerical and general aviation pilots was to reduce airline fatality rates by 80%. According to the CNN report, the goal has not been met, and by not submitting the data to public scrutiny, I doubt the goal will be met. As Brad Miller wrote to NASA's administrator Michael Griffin: "The data appears to have great value to aviation safety, but not on a shelf at NASA."

The open source model has proved itself an excellent remedy to the problems that plague the traditional software marketplace. It takes a lot of courage to submit one's code to such scrutiny, but considering the alternatives, it's worth it.